From 4b563a2292a05fa7aebc87036f40979b6423f160 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Wed, 5 Jul 2023 15:22:57 +0200
Subject: [PATCH] add poor-mans captcha
---
 modules/web01/default.nix | 2 +-
 modules/web01/gitea/0001-add-bot-check.patch | 62 +++++++++++++++++++
 .../web01/{gitea.nix => gitea/default.nix} | 8 ++-
 3 files changed, 69 insertions(+), 3 deletions(-)
 create mode 100644 modules/web01/gitea/0001-add-bot-check.patch
 rename modules/web01/{gitea.nix => gitea/default.nix} (85%)
diff --git a/modules/web01/default.nix b/modules/web01/default.nix
index 82eb42f..7532686 100644
--- a/modules/web01/default.nix
+++ b/modules/web01/default.nix
@@ -1,7 +1,7 @@
 {
 imports = [
 ./homepage.nix
- ./gitea.nix
+ ./gitea
 ./postfix.nix
 ];
diff --git a/modules/web01/gitea/0001-add-bot-check.patch b/modules/web01/gitea/0001-add-bot-check.patch
new file mode 100644
index 0000000..b5f71bc
--- /dev/null
+++ b/modules/web01/gitea/0001-add-bot-check.patch
@@ -0,0 +1,62 @@
+From f06e0e1aaa9bb0602e6944d0dd4370e24b66b4e3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
+Date: Wed, 5 Jul 2023 15:02:03 +0200
+Subject: [PATCH] add bot check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Jörg Thalheim
+---
+ routers/web/auth/auth.go | 5 +++++
+ services/forms/user_form.go | 1 +
+ templates/user/auth/signup_inner.tmpl | 5 +++++
+ 3 files changed, 11 insertions(+)
+
+diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
+index 9f1395225..2f7f434a5 100644
+--- a/routers/web/auth/auth.go
++++ b/routers/web/auth/auth.go
+@@ -411,6 +411,11 @@ func SignUpPost(ctx *context.Context) {
+ context.SetCaptchaData(ctx)
+ ctx.Data["PageIsSignUp"] = true
+
++ if form.Notabot != "Notabot" {
++ ctx.Error(http.StatusForbidden)
++ return
++ }
++
+ // Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
+ if setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration {
+ ctx.Error(http.StatusForbidden)
+diff --git a/services/forms/user_form.go b/services/forms/user_form.go
+index 1f5abf94e..196300a14 100644
+--- a/services/forms/user_form.go
++++ b/services/forms/user_form.go
+@@ -94,6 +94,7 @@ type RegisterForm struct {
+ UserName string `binding:"Required;Username;MaxSize(40)"`
+ Email string `binding:"Required;MaxSize(254)"`
+ Password string `binding:"MaxSize(255)"`
++ Notabot string `binding:"Required"`
+ Retype string
+ }
+
+diff --git a/templates/user/auth/signup_inner.tmpl b/templates/user/auth/signup_inner.tmpl
+index 8dfcb7b7d..0316163c5 100644
+--- a/templates/user/auth/signup_inner.tmpl
++++ b/templates/user/auth/signup_inner.tmpl
+@@ -24,6 +24,11 @@
+
+
+
++
++
++
++
++
+ {{if not .DisablePassword}}
+
+
+--
+2.41.0
+
diff --git a/modules/web01/gitea.nix b/modules/web01/gitea/default.nix
similarity index 85%
rename from modules/web01/gitea.nix
rename to modules/web01/gitea/default.nix
index 59a2a06..aa3454f 100644
--- a/modules/web01/gitea.nix
+++ b/modules/web01/gitea/default.nix
@@ -15,6 +15,11 @@
 host = "/run/postgresql";
 port = 5432;
 };
+ package = pkgs.gitea.overrideAttrs (oldAttrs: {
+ patches = [
+ ./0001-add-bot-check.patch
+ ];
+ });
 #mailerPasswordFile = config.sops.secrets.gitea-mail.path;
 settings.mailer = {
 ENABLED = true;
@@ -22,8 +27,7 @@
 HOST = "localhost:25";
 };
 settings.log.LEVEL = "Error";
- # TODO: prevent spammers from logging in, before enabling registration
- settings.service.DISABLE_REGISTRATION = true;
+ settings.service.DISABLE_REGISTRATION = false;
 settings.metrics.ENABLED = true;
 settings.server = {
 DISABLE_ROUTER_LOG = true;
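Review bot: The `form.Notabot` guard in the embedded auth.go hunk sits right after `context.SetCaptchaData(ctx)` and answers with a bare `ctx.Error(http.StatusForbidden)`, so it appears to run before the handler's normal form-error handling (SignUpPost continues outside the hunk). A person who mistypes the word would then lose the whole form instead of getting a field error, and the `binding:"Required"` tag added in user_form.go never gets to report anything. That tag applies to every handler that binds RegisterForm, so any other registration path reusing the struct must render the same field; this is worth confirming because only SignUpPost is visible here. The expected value is a constant shared by all visitors, which deserves a comment above the check: `// Static anti-spam token: filters naive form-fillers only, not a real captcha.`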
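Review bot: `patches = [ ./0001-add-bot-check.patch ];` in the `overrideAttrs` call replaces the package's patch list instead of extending it, and `oldAttrs` is bound but never used. If the base gitea derivation carries patches of its own (not visible from this page), they are silently dropped from this build. `patches = (oldAttrs.patches or [ ]) ++ [ ./0001-add-bot-check.patch ];` keeps them and still applies the bot check.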
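Review bot: With `settings.service.DISABLE_REGISTRATION = false;` and the spammer TODO removed, open sign-up rests on a single static form field as far as this module shows. The mailer is already enabled in the context lines of the previous hunk, so `settings.service.REGISTER_EMAIL_CONFIRM = true;` would add a second gate at little cost, and `settings.service.ENABLE_CAPTCHA = true;` is the built-in alternative. Whether either is set elsewhere in the configuration is not visible here; if not, I would add one before merging and keep a short comment that names the patch as a stop-gap.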